Privacy Policy
This Privacy Policy (“Policy”) explains how SaasBoomi Foundation (“SaasBoomi”) collects, uses, shares, and protects personal data obtained through its websites and related applications (“Website”), programs (“Programs”), and services (“Services”). This Policy is designed to comply with the Digital Personal Data Protection Act, 2023 (“DPDP Act”), the Information Technology Act, 2000, and applicable amendments, rules, regulations and guidelines enacted thereunder from time to time (“IT Act, 2000”) with specific mention of Rule 4 of the Information Technology (Reasonable Security Practices and Procedures and Sensitive personal information) Rules, 2011, and any other national and state laws which relate to the processing of data and other applicable laws.
SaasBoomi considers the privacy and security of the personal information of its users a matter of highest concern. Accordingly, this Policy has been designed and implemented to protect user information. This Privacy Policy is an electronic record in terms of the IT Act (and any other applicable law including Digital Personal Data Protection Act, 2023 and its ensuing rules as and when applicable). This electronic record does not require any physical or digital signatures. Any new features and/or services that are added to the current scope of services offered by SaasBoomi at any point in the future shall also be subject to the terms set out in this Policy along with any other future relevant legislations to be incorporated as per the laws of the land.
This Privacy Policy shall apply to any person who visits, browses, uses, or accesses SaasBoomi’s Website or uses any resources listed currently and in the future on SaasBoomi’s Website. Where consent is required, SaasBoomi shall provide a notice specifying the personal data being collected, the purposes of processing, and the rights available to Data Principals. All updates to this Policy will be communicated through the SaasBoomi website and/or other appropriate channels.
1. Scope of this Policy
This policy applies to
- Personal data of users collected by SaasBoomi through its Website and other means such as but not limited to forms, email, and WhatsApp in order to render its Programs and Services
- Data provided by users, customers, employees, vendors, and business partners
- Information gathered during recruitment and operational processes
- Data gathered automatically via digital platforms
2. Definitions
- Data Principal: The individual to whom the personal data belongs. For children (under 18) or persons with disabilities, this includes their parents or lawful guardians. For the purposes of this Privacy Policy, the founders and acquirers who participate in SaasBoomi’s Programs and Services, and the volunteers at SaasBoomi who support its Programs and Services are Data Principals.
- Data Fiduciary: Any person or organization (government or private) that determines the purpose and means of processing personal data. They bear the primary responsibility for compliance. For the purposes of this Privacy Policy, SaasBoomi is the Data Fiduciary in relation to personal data processed for its Programs and Services.
- Data Processor: Any entity that processes personal data on behalf of a Data Fiduciary (e.g., cloud providers, payroll vendors). [PP1] A full list of Data Processors deployed by SaasBoomi is presented in the Annexure to this Privacy Policy.
[PP1]Do name the full list of data processors you use. This includes any platform you use to host surveys, store data, etc. Please include the full list in the annexure. - Data Processor: Any entity that processes personal data on behalf of a Data Fiduciary (e.g., cloud providers, payroll vendors). [PP1] A full list of Data Processors deployed by SaasBoomi is presented in the Annexure to this Privacy Policy.
[PP1]Do name the full list of data processors you use. This includes any platform you use to host surveys, store data, etc. Please include the full list in the annexure. - Personal Data: Information that identifies or can identify an individual, such as name, contact details, and online identifiers.
3. Collection of Personal Data
- User Data: Personal data is collected directly from individual users in the following situations:
- Where a user expresses interest in SaasBoomi’s Programs and Services and signs up to participate by filling the form specifically allocated for the relevant role by providing their name, email ID, and phone number[PP1] .
- Where a user expresses interest in joining SaasBoomi’s Programs and Services, by contacting SaasBoomi via email, its website, and social media accounts[PP2] .
- Where a user voluntarily provides feedback to SaasBoomi on its Programs and Services.
[PP1]Please include any other information you ask them to submit through the form, even if optional.
[PP2]Even if you don’t specifically look at the DMs, it is helpful to mention this.
- Business and Professional Contacts: Limited data such as names, job titles, and contact details may be collected from business partners and vendors.
- Employee/Volunteer details: Personal data of employees such as name, address, email ID, phone number, date of birth, copies of educational certificates, curriculum vitae, and identity documents may be collected during recruitment and operational processes.
- Visitors to Premises: Visitors’ names, contact details, and organisational designation may be collected upon their visit to SaasBoomi’s premises. CCTV footage is recorded for security purposes. [PP1]
- Automatic Collection: Data such as device identifiers, IP addresses, geolocation, and user preferences are collected via cookies and similar technologies. Users may learn more from SaasBoomi’s Cookie Policy[PP2] .
- Indirect Collection: We may receive business contact information such as name, designation, employer, email address, and telephone number from trade events, webinars, industry directories, and business networking platforms for the purpose of responding to inquiries and promoting our products and services.
[PP1]Please retain this only if it is relevant.
[PP2]Please take a look at the Cookie Policy we’ve prepared as well.
4.Purpose and Use of Personal Data
SaasBoomi processes personal data for the following purposes:
- Facilitating the delivery of Programs and Services
- Providing information on Programs and Services and related topics
- Fulfilling contractual obligations
- Facilitating transactions
- Training staff and volunteers to provide better service
- Providing information on offers and promotional activities and special offers on other services that SaasBoomi thinks that a user may like
- Complying with legal and regulatory requirements
- Improving website functionality and personalizing user experience
- Marketing and promotional communications with consent
- Provision of a periodical newsletter and updates on Programs and Services via email[PP6]
- Recruitment, employment, and operational management
- Conducting analytics and research
The specific purposes and data collected are provided in detail in the table below:
| Purpose | Data Collected |
| Membership registration | Name, Email ID, Contact Number |
| Newsletter registration | Email ID |
| Volunteer / Employee recruitment and onboarding | Name, Email ID, Contact Number, Address, ID Proof, Tax IDs, Bank account information, Health information |
| KYC Compliance [PP7] | ID Proof, Tax IDs |
| Billing and Payments | Billing Address, Bank Account Details, Payment screenshots |
| Troubleshooting and Support | Name, Contact Details, Nature of Inquiry |
| Participation in Programs and Services[PP8] |
5. Sharing of Personal Data
SaasBoomi shares personal data only in the following circumstances:
- Program and Service Delivery for Match Point: Before a mutual match, SaasBoomi may use or share summarised, aggregated or anonymised information with potential counterparties to assess whether there may be a suitable match. A user’s identity will not be disclosed to a prospective counterparty at this stage. Once both the founder and the acquirer have agreed to an introduction, SaaSBoomi may share their identities, contact details and such other information as has been agreed or is reasonably necessary to facilitate the introduction.
- For Regulatory and Legal Compliance: Personal data may be disclosed to regulatory authorities and law enforcement agencies as required by law.
- Partner companies: Personal data shall only be shared with partner organizations where necessary to provide requested services or where the Data Principal has separately consented to such disclosure.
- Third-Party Service Providers: SaasBoomi shares data with trusted service providers for IT support, payment processing, and marketing services. Contracts ensure that all such data is used only for intended purposes.
- Business Transfers: Personal data may be transferred during mergers, acquisitions, or asset sales.
6. Data Security
- SaasBoomi implements robust measures to protect personal data, including[PP10] :Encryption: AES-256 for sensitive data.Access Controls: Restricted access based on role and necessity.Audits: Regular security assessments and compliance reviews.Incident Response: Procedures to address potential data breaches promptly.SaasBoomi exercises care while sending mails to its users. In case of any mail other than business mails referring to SaasBoomi or www.saasboomi.org seems suspicious, a user should immediately contact SaasBoomi and verify the credibility of the mail.SaasBoomi’s website may contain links to third party websites and other resources which may have their own privacy policies. SaasBoomi holds no responsibility for the data entered into third party links and urges users to go through the respective privacy policies before engaging.
- Personal data may be processed, stored, or accessed outside India. Where applicable, such transfers shall be undertaken in accordance with the DPDP Act and any restrictions notified by the Government of India.
7. Retention of Personal Data
All personal data is retained only as long as necessary to fulfil its purpose or comply with legal obligations. After the retention period, data is securely deleted or anonymized. Specifically:
- Personal data and access details are stored until the service is terminated[PP11] .
- Website analytics, demographics, and visitor behaviour data are stored for up to 3 years. [PP12]
- Volunteer data may be retained during volunteer engagement and thereafter for such period as required by applicable law, contractual obligations, audit requirements, and legitimate business purposes.
8. Response to Data Breaches
- SaasBoomi shall take all measures to secure personal data it collects and retains. Should an incident of breach occur, it shall respond to all such personal data breaches in accordance with applicable legal requirements.
9. Children’s Privacy
- SaasBoomi does not collect the data of individuals aged under 18 years. If a user believes that SaasBoomi has collected data from a minor, they are advised to contact SaasBoomi immediately via <EMAIL>.
10. User Rights
Under the DPDP Act, a user has the following rights:
- Access: Users may request information regarding the personal data processed by SaasBoomi, the categories of personal data being processed, the purposes of processing, and details of entities with whom such data has been shared, subject to applicable law.
- Rectification: Users can request the correction of inaccuracies in their personal data as maintained by SaasBoomi.
- Erasure: Users can request the deletion of their data as maintained by SaasBoomi.
- Nomination: Users cannominate any other person in line with the law to exercise their rights on their behalf in relation to their data as maintained by SaasBoomi.
- Withdrawal of Consent: Users can revoke consent at any time for the use and processing of their data as maintained by SaasBoomi.
- Seek Redressal of Grievances: Users can seek to have their grievances relating to their personal data as maintained by SaasBoomi redressed through a grievance mechanism.
- Opting out: SaasBoomi may contact users regarding promotions, service/product launches, feedback and surveys. If a user wishes to opt out of these activities, they may email SaasBoomi at <EMAIL ID>.
To exercise any of these rights, a user can contact SaasBoomi at <EMAIL ID>. All requests will be processed within 30 days or as required by law.
11. Changes to the Privacy Policy
- This Policy may be updated periodically to reflect legal, regulatory, or operational changes. Updates will be communicated via SaasBoomi’s website.